|
|
 |
| New User, Welcome! Login |
NetWin Surgemail XSS vulnerability
| From: |
kerem kocaer bitsec se |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
NetWin Surgemail XSS vulnerability |
| Date: |
Mon - Oct 04, 2010 12:58 AM |
Application NetWin Surgemail 4.3e
Vendor NetWin - http://netwinsite.com
Discovered by Kerem Kocaer <kerem.kocaer@bitsec.se>
Problem
-------
Cross-site scripting (XSS) vulnerability in the Surgemail webmail login page
(/surgemail) allows remote attackers to inject arbitrary web script or HTML.
Input passed to the "username_ex" parameter is not properly sanitised before
being returned to the user, therefore enabling the execution of arbitrary
script code in a user's browser session, which can lead to cookie theft and
session hijacking.
The vulnerability is confirmed to exist in version 4.3e (latest version at
the date of vulnerability discovery). Previous versions may also be vulnerable.
Exploit
-------
http://[address]/surgeweb?username_ex="/><scri<script>alert(document.cookie);</script><input type="hidden
(tested on Firefox)
Fix
---
The vendor has reported fixing the problem in version 4.3g.
Timeline
--------
2010-05-13 Notified NetWin (ChrisP.)
2010-05-13 Received response from NetWin
2010-05-13 Provided details to NetWin
2010-05-26 Surgemail patched
Reference
---------
CVE Number: CVE-2010-3201
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
